WLAN Security. Giwhan Cho Distributed/Mobile Computing System Lab. Chonbuk National University
|
|
- Lucinda Butler
- 8 years ago
- Views:
Transcription
1 WLAN Security Giwhan Cho Distributed/Mobile Computing System Lab. Chonbuk National University
2 Content WLAN security overview i WLAN security components pre-rsn (Robust Security Network) security RSN security WPA (Wi-Fi Protected Access) WLAN security s other issues Ad-hoc security pre-authentication & roaming security Chonbuk National University 2003/06/26 KRnet2003 2/44 by Gihwan Cho
3 Overview (1/2) IEEE based WLAN security issues outflow of secrecy hacking illegal usage Authentication Access Control Integrity Confidentiality eavesdropping forgery Chonbuk National University 2003/06/26 KRnet2003 3/44 by Gihwan Cho
4 Increasing Protection Overview (2/2) : WLAN Security Trends VPN Multiple Solutions Validated WPA (802.1x, TKIP) i Ratified WPA Compliance For Logo Transition Industry To Standard WEP + Dynamic ReKey Nothing WEP Q1 03 Q2 03 Q3 03 Q4 03 Q1 04 Q2 04 Q3 04 Q4 04 Available at Launch Source : Dell/Microsoft/Intel Road Show Chonbuk National University 2003/06/26 KRnet2003 4/44 by Gihwan Cho
5 Content WLAN security overview i WLAN security components pre-rsn (Robust Security Network) security RSN security WPA (Wi-Fi Protected Access) WLAN security s other issues Ad-hoc security pre-authentication & roaming security Chonbuk National University 2003/06/26 KRnet2003 5/44 by Gihwan Cho
6 802.11i Security Components pre-rsn security IEEE authentication open system authentication shared key authentication WEP (Wired Equivalent Privacy) data privacy RSN security security association management RSN negotiation procedures IEEE 802.1x authentication IEEE 802.1x key management data privacy mechanism TKIP (Temporal Key Integrity Protocol) CCMP (Counter-Mode-CBC-MAC Protocol) Chonbuk National University 2003/06/26 KRnet2003 6/44 by Gihwan Cho
7 WLAN Authentication(1/7) Authentication degrees open (default) system authentication non-standard authentication but provided by vendors shared key authentication Any Closed System MAC Address PSK (Pre-Shared Key) high security Chonbuk National University 2003/06/26 KRnet2003 7/44 by Gihwan Cho
8 WLAN Authentication (2/7) ANY open system authentication AP(Access Point) permits everyone to authenticate successfully null authentication process - default value Router SSID : A AP SSID : B Authentication Integrity SSID : A SSID : ANY SSID : A Access Control Confidentiality MN Chonbuk National University 2003/06/26 KRnet2003 8/44 by Gihwan Cho
9 WLAN Authentication(3/7) Closed system AP accepts only client which of correct SSID deny ANY AP doesn t broadcast SSID in beacon Oh! non-safe SSID is broadcasted in the clear text by the probe request of client => attack by only sniffing the probe request packets Chonbuk National University 2003/06/26 KRnet2003 9/44 by Gihwan Cho
10 WLAN Authentication (4/7) Closed system example and related security issues Router SSID : A AP SSID : B MN SSID : A SSID : ANY Authentication Integrity Access Control Confidentiality Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
11 WLAN Authentication (5/7) MAC address system MAC access control MAC ACLs(Access Control lists) lists the MAC addresses with permission to use the network if the MAC address don t appear in the list, not permit unlisted MN MAC filtering deny or bridge the indicated MAC address Oh! non-safe.. MAC address can be changed at will => attack need only to eavesdrop or sniff the WLAN to identify those MAC addresses permitted access (MAC address is always transmitted in an unencrypted form) Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
12 WLAN Authentication (6/7) MAC address access control Router Access Control List : MAC A MAC B AP Access Control List : MAC A MAC B MAC C MAC : A MAC : F MAC : C Authentication Integrity MN Access Control Confidentiality Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
13 WLAN Authentication (7/7) PSK authentication shared key authentication utilize a shared key with a challenge and a response i.e., WEP STA AP Authentication request Challenge (Random) Response (Random encrypted with shared Key) Success if decrypted value matches random Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
14 WEP Data Privacy (1/4) WEP IEEE b standard RC4 algorithm pre-shared key authentication 64 bit WEP : 40-bit shared secret key + 24bits Initialization Vector(IV) Authentication Integrity? Access Control Confidentiality Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
15 WEP Data Privacy (2/4) 24bit 40bit Initialization Vector Seed WEP Secret Key PRNG (RC4) Key Sequence IV Ciphertext Plain Text Integrity Algorithm (CRC32) 32bit Integrity Check Value(ICV) Message WEP Encipherment block diagram Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
16 WEP Data Privacy (3/4) Secret Key IV Seed WEP PRNG (RC4) Key Sequence Plain text Integrity Algorithm (CRC32) ICV Ciphertext ICV ICV=ICV? WEP Decipherment block diagram Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
17 WEP Data privacy (4/4) WEP compromises WEP flaws keystream Reuse (IV short length/reuse permission) weak CRC-32 (linear/unkeyed message integrity check) no mutual protection no replay protection Attacks eavesdrop on message with same IV; traffic injection intercept packets for receiver and flips bit + change the appropriate bits in CRC to match the forged bit man-in-the middle attack : rogue AP or rogue client replay, impersonation; authentication spoofing Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
18 RSN Security Overview in 2000, IEEE Task Group i(tgi) develops enhanced security for standard (labeled RSN) three main pieces organized into two layers 1 security association management 2 TKIP 3 CCMP 802.1x : provides framework for robust user authentication and encryption key distribution (upper layer) provide enhanced data integrity over WEP (low layer) Authentication OK! Integrity Authorization Confidentiality Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
19 Security Association Management Laptop computer EAP Over LANs(EAPOL) Port connect Access blocked Association-Request + RSN IE 1. RSN negotiation procedure Probe Beacon +RSN IE Association-Response EAP Over RADIUS Ethernet asd Radius Server EAPOL-Start 2. IEEE 802.1x authentication EAP-Request/Identity EAPOL RADIUS EAP-Response/Identity EAP-Response(credentials) EAP-Request Radius-Access-Request Radius-Access-Challenge Radius-Access-Request 3. IEEE 802.1x key management EAPOL-Key (key exchange) Radius-Access-Accept ( privacy security association) EAP-Success Access allowed 4. Data protection Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho IE : Information Element PMK
20 1. RSN Negotiation Procedure (1/2) AP advertises network security capabilities to STAs(STAtion) SSID in probe beacon, RSN IE STA selects authentication suite and unicast cipher suite in association request RSN IE Format Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
21 1. RSN Negotiation Procedure (2/2) ASE (Authentication Suite Element) default : 802.1x auth. suite CSE (Cipher Suite Element) default : AES cipher suite OUI Type Meaning OUI Type Meaning 00:00:00 0 None 00:00:00 0 None 00:00:00 1 Unspecified authentication over 802.1x : default 00:00:00 1 WEP 00:00:00 2 TKIP 00:00:00 00:00:00 00:00: Any Pre-Shared Key over 802.1x Reserved Vendor Specific 00:00:00 00:00:00 00:00: Any Reserved for AES cipher : default Reserved Vendor Specific ASE and CSE Suite selector frame Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
22 x Authentication (1/5) EAP(Extended Authentication Protocol) (rfc 2284) port based filtering establish a mutually authenticated session key shared by AS (Authentication Server) and STA create PMK (Pairwise Master Key) Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
23 x Authentication (2/5) 802.1x port based authentication to Internet Supplicant s System Supplicant PAE 1 2 Authenticator s System Services Offered by Authenticator (e.g. Bridge Relay) Controlled port Port Authorize Authenticator PAE Uncontrolled port Authentication Server s System Authentication Server LAN PAE : Port Access Entity control flow data flow Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
24 x Authentication (3/5) EAP architecture TLS /TTLS SRP AKA CHAP-MD5 Authentication Layer EAP APIs EAP EAP Layer EAPOL PPP NDIS APIs Data Link Layer Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
25 x Authentication (4/5) EAP-TLS(Transport Layer Security) Client AP AS EAPOL-Start EAP-Response /Identity (My ID) EAP-Response/type EAP-TLS (ClientHello(random1)) EAP-Response/type EAP-TLS (Client_ certificate,changeciphersuite, finished) EAP-Response/type EAP-TLS EAP-Request/Identity EAP-Request/type EAP-TLS(TLS-start) EAP-Request/type EAP-TLS ServerHello (randmom2), Server_ certificate) MasterKey = TLS-PRF(PreMasterKey, master secret random1 random2) EAP-Request/type EAP-TLS (Change CipherSuite, finished) PMK = TLS-PRF(MasterKey, client EAP encryption random1 random2) Chonbuk National University 2003/06/26 KRnet2003 EAP-Success 25/44 by Gihwan Cho
26 x Authentication (5/5) : EAP Methods Method Common Implementation Authentication attributes Secret available to server standard Generate WEP key Wireless security MD5 Challenge-based password One-way auth. no RFC1994 RFC2284 no poor TLS Certificate-based two-way auth. mutual auth. no RFC2716 yes best TTLS PEAP LEAP Server auth. via certificates Client auth via another method Server auth. via certificates Client auth via another method Two-way challenge-based password mutual auth. mutual auth. mutual auth. Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho yes Via PAP depends on EAP method draft-ietfpppexteap-ttls- 01.txt draftjoseffsonpppexttlseap- 06.txt yes yes better better no proprietary yes good
27 x Key Management (1/4) : Pairwise Key Hierarchy Master Key (MK) Pairwise Master Key (PMK) = TLS-PRF(MasterKey, client EAP encryption clienthello.random serverhello.random) Pairwise Transient Key (PTK) = EAPoL-PRF(PMK,AP Nonce STA Nonce AP MAC Addr STA MAC Addr) Key confirmation Key (KCK) PTK bits Key Encryption Key (KEK) PTK bits Temporal Key (TK) PTK bits 256- n 802.1x key management step Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
28 x Key Management (2/4) : 4-Way Handshake Client AP PMK PMK EAPoL-Key (Reply Required, Unicast, ANonce) Pick Random SNonce, Drive PTK = EAPoL-PRF(PMK, ANonce SNonce AP MAC Addr STA MAC Addr) EAPoL-Key (Unicast, Snonce, MIC, STA RSN IE) Pick Random ANonce EAPoL-Key (Reply Request, Install PTK, Unicast, Anonce, MIC, AP RSN IE) Drive PTK EAPoL-Key (Unicast, MIC) Install TK Install TK Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
29 x Key Management (3/4) : Group Key Handshake Client AP PTK PTK EAPoL-Key (All Keys Installed, Ack, Group Rx, Key Id, Group, RSC, GNonce, MIC, GTK) Pick Random GNonce, Pick Random GTK Encrypt GTK with KEK Decrypt GTK EAPoL-Key (Group, MIC) Unblocked data traffic Unblocked data traffic GTK : Group Transient Key RSC : Replay Sequence Counter Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
30 3. Data Protection (4/4) : RSN TKIP pairwise key hierarchy EAPOL Master Key From Authentication Server EAPOL Authentication (STA)/RADIUS Attribute (AP) EAPOL Pairwise Master Key(256b) Infrastructure (ULA) only PN. PKeyID STA and AP Re-keying protocol EAPOL-KEY exchange Pairwise Nonce (KON, SN) PMK KON, SN TA RA Pairwise Transient Key (PTK) = PRF-512 (PMK, Pairwise key expansion, Min(TA,RA) Max(TA,RA) KON SN) EAPOL-Key EAPOL-Key Temporal TKIP Temporal Key owner Temporal Key owner Enc Key MIC Key Enc Key TX MIC Key RX MIC Key L(PTK, 0, 128) L(PTK, 128, 128) L(PTK, 256, 128) L(PTK, 384, 64) L(PTK, 448, 64) PKeyId SC RA TA TKIP Mixing Function TKIP Encryption Key TKIP Michael Seed(IV,RC4Key) MPDU Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho RC4 SC : Sequence Count RA : Receiver MAC Address TA : Transmitter MAC Address Pkey : Pairwise Key KON : Key Owner Nonce SN : Non-Key owner Nonce ULA : Upper Layer Authentication
31 4. Data Protection(1/5) : TKIP TKIP : Temporal Key Integrity Protocol Designed as a wrapper around WEP can be implemented in software reuses existing WEP hardware runs WEP as a sub-component TKIP design challenges against WEP s weakness prevent key reuse prevent data forgery prevent replay attacks prevent man-in-the middle attack Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
32 4. Data Protection (2/5) : TKIP Temporal Key TA Phase 1 key mixing TTAK Key Phase 2 key mixing WEP seed(s) (represented as WEP IV + RC4 key) MIC Key SA + DA + Plaintext MSDU Data MIC TKIP sequence counter(s) Plaintext MSDU + MIC Fragment(s) Plaintext MPDU(s) TKIP Encapsulation Block Diagram WEP Encapsulation Ciphertext MPDU(s) TA : Transmitter MAC Address SA : Source MAC Address DA : Destination MAC Address TTAK : Temporary TA Key MSDU : MAC Service Data Unit MPDU : MAC Protocol Data Unit IV : Initialization vector MIC : Message Integrity Code Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
33 4. Data Protection(3/5) : TKIP Temporal Key TA Phase 1 key mixing Ciphertext MPDU MIC Key TTA K Key TKIP sequence counter Unmix IV WEP IV Phase 2 Key mixing In sequence - MPDU Out - of - sequence MPDU WEP Seed WEP Decapsulation Plaintext MPDU MPDU with failed WEP ICV Reassemble SA + DA + Plaintext MSDU MIC MIC MIC MSDU with failed TKIP MIC Plaintext MSDU MIC = MIC? Countermeasures TKIP Decapsulation Block Diagram Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
34 4. Data Protection(4/5) : CCMP CCMP : Counter-Mode-CBC-MAC Protocol CCMP properties based on AES (Advanced Encryption Standard) in CCM mode CCM has a security level as good as other modes CBC-MAC + CTR (CounTeR) based on a block cipher CBC-MAC : used to compute a MIC on plaintext CTR mode : used to encrypt the payload and MIC temporal key = PTK bits ( ), GTK bits (0-127) 128bit TK is used for confidentiality and encryption AES overhead requires new AP hardware long-term solution Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
35 4. Data Protection(5/5) : CCMP Packet Sequence Number Construct IV And CTR IV CTR Plaintext MPDU Encode Packet Sequence Number Compute And Add CBC-MAC Compute Mode Encryption Ciphertext MPDU Key CCM for a Wireless LAN MPDU Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
36 Content WLAN security overview i WLAN security components pre-rsn (Robust Security Network) security RSN security WPA (Wi-Fi Protected Access) WLAN security s other issues Ad-hoc security pre-authentication & roaming security Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
37 Wi-Fi Protected Access (1/2) User authentication 802.1x + Extensible Authentication Protocol (EAP) Encryption Temporal Key Integrity Protocol (TKIP) 802.1x for dynamic key distribution Message Integrity Check (MIC) a.k.a. michael WPA = 802.1x + TKIP + EAP + MIC Authentication Authorization OK! Integrity Confidentiality Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
38 Wi-Fi Protected Access (2/2) : WPA is snapshot of i Source : Wi-Fi Alliance Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
39 Content WLAN security overview i WLAN security components pre-rsn (Robust Security Network) security RSN security WPA (Wi-Fi Protected Access) WLAN security s Other issues Ad-hoc security pre-authentication & roaming security Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
40 Ad-Hoc Security (1/2) : security threatens eavesdropping message replay tampering impersonation denial of service traffic monitoring Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
41 Ad-Hoc Security (2/2) : i proposal Configure a network-wide pre-shared key and SSID Each STA in ad-hoc network initiates 4-way handshake based on PSK when it receives following from a STA with whom it hasn t established communication beacon and probe request with same SSID Each STA distributes its own Group Key to each of the other STAs in ad hoc network Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
42 802.1x Pre-Authentication (1/2) IEEE 802.1x pre-authentication has substantial advantages for enables a station to authenticate to multiple APs minimizes connectivity loss during roaming can authenticate and derive keys early on, use keys to protect as many messages as possible most management and control frames can be protected, with the exception of beacon and probe request/response Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
43 802.1x Pre-Authentication (2/2) AS 1. STA authenticates and associates to AP A on channel 6 channel channel 6 STA does passive or active scan, moves, selects AP B as potential roam AP B 2 2 AP A 2. STA authenticates to AP B before connectivity is lost to AP A 3 STA 1 can send unicast 802.1x data frames to AP B, forwarded by AP A and be authenticated can tune radio to channel STA re-associates to AP B Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
44 Conclusion : WLAN Security progress Authentication / Access Control 802.1x PSK MAC Integrity/Confidentiality SSID TKIP/MIC AES WEP/CRC WEP2 Dynamic WEP Ad-Hoc Security Preauthentication Prospective Security Chonbuk National University 2003/06/26 KRnet /44 by Gihwan Cho
CS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationWhite paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More informationWLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.
WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationWiFi Security: WEP, WPA, and WPA2
WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationchap18.wireless Network Security
SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless
More informationIT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)
IT-Sicherheit: Sicherheitsprotokolle Wireless Security (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) ! 61 ints 5 2 Po ss e c Ac 3 Built in Security Features!!!!!! Service Set Identifier
More informationEVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)
EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationNetwork security, TKK, Nov 2008 1
Outline Network security: WLAN Security LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA, 802.11i Tuomas Aura, Microsoft Research, UK 2 LAN technology LAN (WLAN) standards
More informationHow To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)
Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationIEEE 802.11 Wireless LAN Security Overview
138 IEEE 802.11 Wireless LAN Security Overview Ahmed M. Al Naamany, Ali Al Shidhani, Hadj Bourdoucen Department of Electrical and Computer Engineering Sultan Qaboos University, Oman. Summary Wireless Local
More informationCS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard
CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11
More informationNetwork Security: WLAN Security. Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010
Network Security: WLAN Security Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline Wireless LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA,
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationNetwork Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.
Network Security Chapter 15 Security of Wireless Local Area Networks Network Security (WS 2003: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control (MAC and physical characteristics
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationWiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise
Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi
More informationLecture 3. WPA and 802.11i
Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationIEEE 802.1X For Wireless LANs
IEEE 802.1X For Wireless LANs John Roese, Ravi Nalmati, Cabletron Albert Young, 3Com Carl Temme, Bill McFarland, T-Span David Halasz, Aironet Paul Congdon, HP Andrew Smith, Extreme Networks Slide 1 Outline
More informationSecurity in IEEE 802.11 WLANs
Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh
More informationWireless Local Area Network Security Obscurity Through Security
Wireless Local Area Network Security Obscurity Through Security Abstract Since the deployment of infamous Wired Equivalent Privacy (WEP), IEEE and vendors have developed a number of good security mechanisms
More informationWLAN 802.11w Technology
Technical white paper WLAN 80.w Technology Table of contents Overview... Technical background... Benefits... 80.w technology implementation... Management Frame Protection negotiation... Protected management
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationA DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES
A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES Johanna Janse van Rensburg, Barry Irwin Rhodes University G01j202j7@campus.ru.ac.za, b.irwin@ru.ac.za (083) 944 3924 Computer Science Department, Hamilton
More informationDistributed Systems Security
Distributed Systems Security Protocols (Physical/Data-Link Layer) Dr. Dennis Pfisterer Institut für Telematik, Universität zu Lübeck http://www.itm.uni-luebeck.de/people/pfisterer Overview Security on
More informationLecture 2 Secure Wireless LAN
Lecture 2 Secure Wireless LAN Network security (19265400 / 201000086) Lecturers: Aiko Pras Pieter-Tjerk de Boer Anna Sperotto Ramin Sadre Georgios Karagiannis Acknowledgements Part of the slides are based
More informationTable of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example
Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2
More informationHuawei WLAN Authentication and Encryption
Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions
More informationWireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.
Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key
More informationDESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com
DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring
More informationWireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)
Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights
More informationNetwork Security Protocols
Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)
More informationHow To Understand The Latest Wireless Networking Technology
GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band.
More informationAdvanced Security Issues in Wireless Networks
Advanced Security Issues in Wireless Networks Seminar aus Netzwerke und Sicherheit Security Considerations in Interconnected Networks Alexander Krenhuber Andreas Niederschick 9. Januar 2009 Advanced Security
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationIEEE 802.1X Overview. Port Based Network Access Control
IEEE 802.1X Overview Port Based Network Access Control 802.1X Motivation and History Increased use of 802 LANs in public and semi-public places Desire to provide a mechanism to associate end-user identity
More informationWIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS
January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are
More informationCertified Wireless Security Professional (CWSP) Course Overview
Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption
More informationWireless Technology Seminar
Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available
More informationVulnerabilities of Wireless Security protocols (WEP and WPA2)
Vulnerabilities of Wireless Security protocols (WEP and WPA2) Vishal Kumkar, Akhil Tiwari, Pawan Tiwari, Ashish Gupta, Seema Shrawne Abstract - Wirelesses Local Area Networks (WLANs) have become more prevalent
More informationJournal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074
Issues in WiFi Networks Nicolae TOMAI Faculty of Economic Informatics Department of IT&C Technologies Babes Bolyai Cluj-Napoca University, Romania tomai@econ.ubbcluj.ro Abstract: The paper has four sections.
More informationAnalysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal
Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal 1,2 Department of CSE 1,2,3 BRCM Bahal, Bhiwani 1 shenam91@gmail.com, 2 dkamal@brcm.edu.in Abstract This paper
More informationProCurve Wireless LAN Security
ProCurve Wireless LAN Security Fundamentals Guide Technical Training Version 8.21 Contents ProCurve Wireless LAN Security Fundamentals Introduction... 1 Objectives... 1 Discussion Topics... 2 Authentication
More informationWireless LAN Access Control and Authentication
Authors: John Vollbrecht, Founder Interlink Networks, Inc. 5405 Data Court, Suite 300, Ann Arbor, MI 48108, jrv@interlinknetworks.com Robert Moskowitz, Senior Technical Director TruSecure Corporation,
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationSecurity protocols of existing wireless networks
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ Security protocols of existing wireless networks cellular networks: - GSM; - UMTS; Bluetooth; WiFi LANs; 2007 Levente Buttyán and
More informationWIRELESS NETWORK SECURITY
WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11) wireless LAN systems. The rapid growth and deployment of these systems into a
More informationWLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles
WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking
More informationIntroduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu
Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks
More information802.11b Wireless LAN Authentication, Encryption, and Security
802.11b Wireless LAN Authentication, Encryption, and Security Young Kim ELEN 6951 1. Abstract With the rapid growth of wireless local area network, security has been the number one concern in this arena
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationChapter 10: Designing and Implementing Security for Wireless LANs Overview
Chapter 10: Designing and Implementing Security for Wireless LANs Overview Identify and describe the strengths, weaknesses, appropriate uses, and appropriate implementation of IEEE 802.11 security related
More informationWireless Networking Basics. NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA
Wireless Networking Basics NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA n/a October 2005 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks
More informationYour 802.11 Wireless Network has No Clothes
Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract
More information1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6.
1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6. secure data communication. The access point periodically advertise
More informationANALYSIS OF SECURITY PROTOCOLS FOR WIRELESS NETWORKS
ANALYSIS OF SECURITY PROTOCOLS FOR WIRELESS NETWORKS A DISSERTATION SUBMITTED TO THE DEPARTMENT OF ELECTRICAL ENGINEERING AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT
More informationWi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003
Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 2003 Wi-Fi Alliance. Wi-Fi is a registered trademark of the Wi-Fi Alliance
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationAttacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey
I. J. Computer Network and Information Security, 2012, 3, 31-46 Published Online April 2012 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2012.03.05 Attacks Due to Flaw of Protocols Used In
More informationXIV. Title. 2.1 Schematics of the WEP. 21. 2.2 Encryption in WEP technique 22. 2.3 Decryption in WEP technique. 22. 2.4 Process of TKIP 25
XIV LIST OF FIGURES Figure Title Page 2.1 Schematics of the WEP. 21 2.2 Encryption in WEP technique 22 2.3 Decryption in WEP technique. 22 2.4 Process of TKIP 25 2.5 IEEE 802.1x Structure 30 2.6 RSNA Architecture
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationUnderstanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones
Understanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones Polycom s SpectraLink 8400 Series wireless phones meet the highest security requirements. By the time you deploy
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationACC-232 2002, Cisco Systems, Inc. All rights reserved.
1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless
More informationMAC Layer Key Hierarchies and Establishment Procedures
MAC Layer Key Hierarchies and Establishment Procedures Jukka Valkonen jukka.valkonen@tkk.fi 17.11.2006 1. Introduction and Background 2. Pair-wise associations 3. Group associations 4. Different layers
More informationWireless Network Security Challenges
Wireless Network Security Challenges SHARE Summer 2010 Boston Laura Knapp WW Business Consultant Applied Expert Systems (www.aesclever.com) laurak@aesclever.com laura@lauraknapp.com Networking - Connecting
More informationThe Wireless Network Road Trip
The Wireless Network Road Trip The Association Process To begin, you need a network. This lecture uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in
More informationResearch In Motion D. Stanley, Ed. Aruba Networks March 2009
Network Working Group Request for Comments: 5416 Category: Standards Track P. Calhoun, Ed. Cisco Systems, Inc. M. Montemurro, Ed. Research In Motion D. Stanley, Ed. Aruba Networks March 2009 Control and
More informationWireless LANs and Privacy. Ido Dubrawsky Network Security Engineer Cisco Secure Consulting Services Cisco Systems, Inc. And
Wireless LANs and Privacy Ido Dubrawsky Network Security Engineer Cisco Secure Consulting Services Cisco Systems, Inc. And Lance Hayden Business Development Manager Cisco Secure Consulting Services Cisco
More informationWI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK
IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 3, Issue 5, May 2015, 23-30 Impact Journals WI-FI SECURITY: A LITERATURE
More informationEnterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003
Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Executive Summary The threat to network security from improperly secured WLANs is a real and present danger for today s enterprises.
More informationNetzwerksicherheit: Anwendungen
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationAgenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story
Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,
More informationWireless security (WEP) 802.11b Overview
Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set
More informationWireless communications systems security. Alexey Fomin, SUAI fomin@vu.spb.ru
Wireless communications systems security Alexey Fomin, SUAI fomin@vu.spb.ru Agenda Current security solutions in wireless systems (802.11) Open problems 2 Security Tasks Message authentication & privacy
More informationSecurity in Wireless and Mobile Networks
Security in Wireless and Mobile Networks 1 Introduction This is a vast and active field, a course by itself Many references on wireless security A good book on wireless cooperation: Thwarting Malicious
More informationSecurity Policy. Trapeze Networks
MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision].
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationAnalyzing Wireless LAN Security Overhead
Analyzing Wireless LAN Security Overhead Harold Lars McCarter Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the
More informationWi-Fi security WEP, WPA and WPA2
Wi-Fi security WEP, WPA and WPA2 What's hot Guillaume Lehembre Difficulty Wi-Fi (Wireless Fidelity) is one of today s leading wireless technologies, with Wi-Fi support being integrated into more and more
More informationCertficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz
Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Overview: 1. Introduction I. PKIX 2. Basics I. PPP II. EAP III. 802.1x IV. X.509 certificate extensions
More informationNXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015
NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note 802.11w Management Frame Protection Copyright 2015 ZyXEL Communications Corporation 802.11w Management Frame Protection Introduction IEEE 802.11w
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationA Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite
White Paper A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite 1. Introduction Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have
More informationWireless LAN Security Mechanisms
Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.
More informationConfigure WorkGroup Bridge on the WAP131 Access Point
Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless
More informationIEEE 802.11i WLAN Security Protocol A Software Engineer s Model
IEEE 802.11i WLAN Security Protocol A Software Engineer s Model Elankayer Sithirasenan, V. Muthukkumarasamy, Danny Powell School of Information and Communication Technology Griffith University, Queensland,
More informationWith its promise of a target transmission. Responding to Security Issues in WiMAX Networks. Section Title
Responding to Security Issues in WiMAX Networks Chin-Tser Huang, University of South Carolina J. Morris Chang, Iowa State University WiMAX technology has attracted significant attention and interest because
More informationNetwork Security Protocols
Network Security Protocols -- introduction -- secure web transactions: TLS (https) -- network layer security: IPsec -- WiFi security: WEP, WPA, WPA2 -- lessons learnt (c) Levente Buttyán (buttyan@crysys.hu)
More information